7082 matches found
Amazon Linux 2 : lftp (ALAS-2020-1453)
The version of lftp installed on the remote host is prior to 4.4.8-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1453 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of...
AZL-38206 CVE-2020-15586 affecting package python-tensorboard for versions less than 2.16.2-1
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
AZL-79042 CVE-2020-15586 affecting package golang 1.25.7-1
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
DEBIAN-CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
UBUNTU-CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web console based on Lua...
Wing FTP Server 6.3.8 Remote Code Execution
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
capa: Automatically Identify Malware Capabilities
capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse...
Medium: lftp
Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
Acronis: Acronis Sync Agent Service - Untrusted DLL Search-Ordering lead to Privilege Escalation
Vulnerability description not provided...
X64Dbg - An Open-Source X64/X32 Debugger For Windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...
ShellGen - Reverse shell generator
This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 the IPv4. INFORMATION Update has been made from sys library to argparse library done in version 0.8 Usage For help: shellgen -h shellgen --help If you want to skip update and just get...
A New Ransomware Targeting Apple macOS Users Through Pirated Apps
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed "EvilQuest" — is...
A New Ransomware Targeting Apple macOS Users Through Pirated Apps
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed "EvilQuest " — is...
Visma Public: Reverse Tabnabbing in printing source document images
The security researcher was able to find a Reverse Tabnabbing bug in printing source document images functionality. This bug allows to replace current web page in users browser with a phishing one, facilitating phishing attacks...
Bolt CMS 3.7.0 Authenticated Remote Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. Th...
Xeexe - Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
Undetectable Reverse shell & Xor encrypting with custom KEYFUD Metasploit Rat bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,...PYTHON 3 Undetectable Reverse shell Metasploit Rat Xeexe is an FUD exploiting tool which compiles a malware with famous payload, and then the...
Windscribe 1.83 Unquoted Service Path
Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-06-26 Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config...